On Apr 11, 2011, at 12:19 PM, Vick Khera wrote: > On Mon, Apr 11, 2011 at 11:19 AM, Paul Mather <p...@gromit.dlib.vt.edu> wrote: > Has anyone managed to get IPsec for mobile clients working with pfSense 2.0 > and Mac OS X 10.6? If so, which client are you using on the Mac OS X side? > Is anything special needed on the pfSense side? > > I *used* to use IPsecuritas but it was alway finicky. I finally made the > switch for all of the roaming clients to OpenVPN using Tunnelblick and > everything has been much, much more stable. I still use IPsec for my fixed > end-point tunnels between offices, and that works solidly. All such > endpoints are pfSense. > > Unless you have some hard requirement to use IPSec for your mobile clients, > give OpenVPN a try.
Funnily enough, I had tried OpenVPN in this environment quite a while ago (not with pfSense, though) but gave up because I couldn't get Tunnelblick working smoothly. I don't remember exactly what problems I was having, but I think routing and private DNS resolution seem to ring a bell. Has the Tunnelblick client improved in the last two years or so? I figured folks would suggest using OpenVPN instead of IPsec. :-) I had hoped to avoid doing that because I want to minimise the amount of third-party client software I need to deploy. Plus, I don't know how well-supported OpenVPN is on devices such as the iPad and iPhone. But, in the absence of "it works for me" responses for IPsec on Mac OS X, I may just have to try it. :-) Cheers, Paul.